nut uses gdlib-config to find libgd, which happens to be deprecated. This
switches it to use pkgconfig and allows a fallback to gdlib-config, same
as the libusb check.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Bump PowerDNS Authoritative DNS Server to 4.2.0. Release changelong can be found at
https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.2.0
Compile Tested: OpenWRT Snapshot - armv7
Run Tested: Linksys WRT1900ACS - package runs correctly, not all functionality has been tested.
Signed-off-by: James Taylor <james@jtaylor.id.au>
Instead of always replying with a generic 500 internal server error code,
use more appropriate codes such as 403 to indicate denied permissions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add a new `cgi-download` applet which allows to retrieve the contents
of regular files or block devices.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "path" containing the file path to
download.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required acl rules to grant download access
to files or block devices:
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "download", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/etc/config/*", "read" ],
[ "/dev/mtdblock*", "read" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Use the `cgi-io` scope to check for permission to execute the requested
command (`upload`, `backup`) and the `file` scope to check path
permissions.
The reasoning of this change is that `cgi-io` is usually used in
conjunction with `rpcd-mod-file` to transfer large file data out
of band and `rpcd-mod-file` already uses the `file` scope to manage
file path access permissions. After this change, both `rpc-mod-file`
and `cgi-io` can share the same path acl rules.
Write access to a path can be granted by using an ubus call in the
following form:
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/var/lib/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The `python-mysql` package was updated with PR https://github.com/openwrt/packages/pull/9705
For seahub this was omitted, since the Python dependencies are prefixed
with `python-`, so it was missed during the grep search.
And grepping just for `mysql` yields many results.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
commit 0c090fde68b2 ("scons: move host build tool to a proper place")
has moved scons into the packages feeds, so switch to that package
include and adjust build dependency to a new scons home.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL
licenses. But a lot of packages did use a different, non-SPDX style with a
"+" at the end instead of "-or-later".
Signed-off-by: Sven Eckelmann <sven@narfation.org>
* remove 'http-only' mode, all sources are now fetched from https sites
* the backup mode is now mandatory ('/tmp' is the default backup
directory), always create and re-use backups if available.
To force a re-download take the 'reload' action.
* support 'sshd' in addition to 'dropbear' for logfile parsing
to detect break-in events
* always update the black-/whitelist with logfile parsing results
in 'refresh' mode (no new downloads)
* rework the return code handling
* tweak procd trigger
* various small fixes
* (s)hellsheck cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
So that packages like acme requiring features from it can depend on it
explicitly, not the more basic "wget" which is also provided by
"uclient-fetch"
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* use raw procd interface trigger as last resort, if the
adblock config is not available during startup
* fix selective subdomain whitelisting for dnsmasq
* fix a kresd restart issue with 'DNS File Reset'
* fix a suspend/resume cornercase
* disable the tld compression, if the number of blocked domains
is greater than 'adb_maxtld' (default: 100000)
* made the fw portlist configurable (default '53 853 5353')
* preliminary support for inotify-like autoload features
of dns backends like kresd in future Turris OS. If 'adb_dnsinotify'
is set to 'true', all adblock related restarts and the
'DNS File Reset' will be disabled
Signed-off-by: Dirk Brenken <dev@brenken.org>
The double quote thells the shell that the list returned from `pidof` is a
single argument, therefore, `renice` will cry about a malformed input.
With this commit, `renice` will be applied correctly to all the returned PIDs
from `pidof`.
The output of `renice` for the quoted list is as follows:
`renice: invalid number '6592 6587 6586 6574'`
`renice` does not show and does apply the nice value if the list is unquoted.
Signed-off-by: Oever González <notengobattery@gmail.com>
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
The package on PyPi is named `mysqlclient`.
This should have been named `python-mysqlclient` from the start.
There is a `mysql` package on PyPi already but that's a different
code/package.
Doing this should avoid any future confusion.
There is no good time to do this rename; at least 19.07 has been branched
already and this can go into the next release [in a year or so].
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Maintainer: Jakub Tymejczyk <jakub@tymejczyk.pl>
Compile tested: ramips, Xiaomi Router 3G, fc54256
Run tested: ramips, Xiaomi Router 3G, 0f54d96
Description:
Mosh is "Remote terminal application that allows roaming, supports
intermittent connectivity, and provides intelligent local echo and line
editing of user keystrokes".
Project's site: https://mosh.org
Makefile and patch taken from: https://github.com/mchwalisz/mosh-openwrt
updated by me
Signed-off-by: Jakub Tymejczyk <jakub@tymejczyk.pl>
(Makefile cleanup and size optimizations)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- Correct SPDX License Identifier
- Move MAINTAINER, SUBMENU to more appropriate place
- Use HTTPS in URL
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
As discussed on GitHub[0] the package should be removed.
[0]: https://github.com/openwrt/packages/issues/7832
> The package is effectively orphaned upstream and has been for some
time. Given the security-sensitive nature of the package, an active
maintainer community is essential for safe usage. Racoon's lack of
support for IKEv2, despite it being stable for a long time, and the
availability of next-generation tunneling systems such as wireguard,
also would seem to limit its future value. Setkey's functionality
has been subsumed by 'ip xfrm'.
> If you disagree that ipsec-tools should be removed from OpenWRT,
please say so now. If there are still use cases for it that are
not met by other IKE implmenentations that would be good to
know. But more importantly, I think you'll need to convince us
that ipsec-tools is actually safe to operate on today's Internet
given its current state of development.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Introduce further ACL checks to verify that the request-supplied
upload location may be written to. This prevents overwriting things
like /bin/busybox and allows to confine uploads to specific directories.
To setup the required ACLs, the following ubus command may be used
on the command line:
ubus call session grant '{
"ubus_rpc_session": "d41d8cd98f00b204e9800998ecf8427e",
"scope": "cgi-io",
"objects": [
[ "/etc/certificates/*", "write" ],
[ "/var/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* automatically add open uplinks to your wireless config,
e.g. hotel captive portals (disabled by default)
* shift net status check in a separate function
* (s)hellcheck cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fixes issue where CFLAGS were not being passed. This was breaking ASLR
builds.
Added PKG_BUILD_PARALLEL for faster compilation.
Added PKG_INSTALL. Changed install paths based on PKG_INSTALL paths.
Added --disable-debug to make sure debug code is disabled.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
On a Debian system without python3-distutils install, uwsgi-cgi was
failing to build because it couldn't import sysconfig from distutils.
OpenWrt packages should be using the OpenWrt python not the system
python. In addition we need to use python3 not python2, even when
both are available.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
* fix a dns restart issue if 'flush dns cache' is set
* fix a suspend/resume issue, the status wasn't properly updated
* fix a long standing query issue
* rework return code handling, mostly for debugging
* various cleanups & cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Development moved to GitHub. Update URLs.
Cleaned up Makefile a bit for consistency between packages.
Added patch that removes deprecated bzero.
Ran init script through shellcheck. Fixed minor warnings.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Bidirectional Forwarding Detection (BFD) is a network protocol that is used to
detect faults between two forwarding engines connected by a link.
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* update to git (2019-08-19)
* use new "kill_server" sysfs option on stop
* ensure reload_service() works correctly
* add inherit owner, force create mode, force directory mode UCI options
* add patches for mips target (vfree, vmalloc)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* background service: no longer miss "signal" events for the
dns backend (to trigger adblock)
* fix a dns backend reload issue during switch between
different blocking modes
* domain query: report found domains only once in
"null" blocking mode with IPv4 & IPv6 list entries
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix a possible race condition during DNS file reset on slow hardware
* optimize DNS restart behaviour in 'null' blocking mode
* mute useless warnings
Signed-off-by: Dirk Brenken <dev@brenken.org>
This commit updates:
- bump version to v20190809
- fix PKG_LICENSE_FILES
- rename package names to kcptun-server, kcptun-client
- refactor Makefile
- merge config and service scripts
- add more config options to support all features
- add additional options: gogc, syslog, user
- add README.md
Reference:
- package shadowsocks-libev
Signed-off-by: Chao Liu <expiron18@gmail.com>
* add support for 'DNS File Reset', where the final DNS blockfile
will be purged after DNS backend loading (save storage space).
A small background service will be started to trace/handle
dns backend reloads/restarts
* add support for the 'null' blocking variant in dnsmasq
(via addn-hosts), which may provide better response times
in dnsmasq
* enhance the report & search engine to support
the new blocking variants. Search now includes
backups & black-/whitelist as well
* compressed source list backups are now mandatory (default to '/tmp')
* speed up TLD compression
* E-Mail notification setup is now integrated in UCI/LuCI
* update the LuCI frontend to reflect all changes (separate PR)
* drop preliminary dnscrypt-proxy-support (use dnsmasq instead)
* drop additional 'dnsjail' blocklist support (not used by anyone)
* procd cleanups in init
* various shellcheck cleanups
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fixes:
when using HTTP/2 a client might cause excessive memory
consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
iotivity's scons build script is not compatible with python3, so use
python2.7 from python/host to run it.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Otherwise compilation fails when clang-tidy is found in the host:
-- clang-tidy found: /usr/lib/llvm/7/bin/clang-tidy
error: unknown argument: '-fhonour-copts' [clang-diagnostic-error]
error: unknown argument:'-iremap[...]:https_dns_proxy-2018-04-23'
[clang-diagnostic-error]
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This avoids copying /usr/include, unversioned *.so files, pkgconfig,
/usr/lib/*.la, and the build-time libs/cflags configuration utility
clamav-config.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
f5420af phantap: do not capture vlans
5d1bd13 phantap-learn: improve the BPF filter, exclude vlans
be6f7d9 Readme.md: we now support talking to the victim.
8789da5 README.md: fix typo
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Full changelog here: https://mosquitto.org/blog/2019/08/version-1-6-4-released/
Fixes a regression in persistent session handling, and various other
regressions related to the mqtt5 support.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Changelog prepared by upstream project
* osport.h: replace SUSv3-specific functions by POSIX variants [Fabrice Fontaine]
* avp: Error Code field in Result Code AVP is optional [Pau Espin Pedrol]
* network_thread: Early continue in loop to remove huge indented block [Pau Espin Pedrol]
* network_thread: Simplify while loop using for loop [Pau Espin Pedrol]
* network: connect_pppol2tp: early return to avoid huge indentation block [Pau Espin Pedrol]
* xl2tpd: start_pppd: Fix truncation of last character [Pau Espin Pedrol]
* handle_packet: Remove unneded else clause when handling payload [Pau Espin Pedrol]
* control: Split control message handling into its own function [Pau Espin Pedrol]
* handle_packet: Rearrange code flow to simplify it [Pau Espin Pedrol]
* avp: Early failure if no handler to remove indent block [Pau Espin Pedrol]
* xl2tpd: Mark internal symbols as static [Pau Espin Pedrol]
* Fix indentation and whitespace in code block [Pau Espin Pedrol]
* xl2tpd: Remove unused variable [Pau Espin Pedrol]
* network: Add missing close(kernel_fd) on init network failure [Pau Espin Pedrol]
* network: Add missing close(server_fd) on init network failure [Pau Espin Pedrol]
* Add 'cap backoff' option, limiting exponential backoff retries will
be delayed by exponentially longer time, unless that time is capped
by configuration. [Bart Trojanowski]
* Add program to show status icon in system tray. [Github user: username34]
* Add info on building and installing xl2tpd [Samir Hussain]
* Update formatting of README.md [Samir Hussain]
* Rename README.xl2tpd to README.md [Samir Hussain]
* Update Debian changelog [Samir Hussain]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Firewall needs to be reloaded in the following cases:
- on service start when snmpd.general.enabled=1
- when snmpd daemon is stopped
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
This should fixopenwrt/packages#9346 ("shadowsocks-libev: undefined
behavior from unaligned access")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Makefile always checks the existence of host's NAT-PMP header,
which results in internal NAT-PMP code being used if it's missing.
Add a patch to make it check targets' header instead.
Use aligned_alloc() instead of valloc() in case of uclibc.
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
kcptun is a stable & secure tunnel based on kcp with N:M multiplexing.
https://github.com/xtaci/kcptun
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
* add extra options to control auto-addons to
blacklist & whitelist ('ban_autoblacklist' & 'ban_autowhitelist',
both enabled by default). If disabled auto-addons are only stored
temporary in the black/whitelist ipset but not in the list itself,
fixes#9631
* remove old, no longer needed procd workaround
* remove 'zeus' source from default config (discontinued)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add missing dnsmasq dependency
* add a captive portal auto-login hook (configurable via uci/LuCI),
you could reference an external auto-login script - see readme
* provide an auto-login script for german ICE hotspots
(/etc/travelmate/wifionice.login), requires 'curl'
* small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
This includes a major bug fix (2ed9c76) and some minor fixes/improvements
f104742 phantap-learn: do not use proto for ip neigh
9849b0f phantap-learn: cleanup
159653d Readme.md: update install instructions
ff3acc2 phantap: add support for talking to victim.
2ed9c76 phantap: Fix MAC snat
f6f2d2d Phantap: fix dns configuration
40fa14b phantap: look at DNS response instead of request
0d62deb Improve Readme
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Maintainer: Florian Eckert @feckert
Compile tested: not needed
Run tested: x86_64
Description:
Only two of the four IPs defined for wan are found in wanb, adding it so it is the same.
Signed-off-by: Daniel A. Maierhofer <git@damadmai.at>
We add the necessary Makefile, hotplug, config, and init bits
so that p910nd daemon runs as user:group p910nd:lp by default.
This eliminates an unnecessary root daemon.
The hotplug script sets the permissions of the USB lp
device(s) to read-write owner and group and no access to
anyone else, and sets owner root, group lp.
This is allows sufficient privileges to p910nd
to do it's job.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Since this package has been abandoned, I don't mind taking it over.
If there are issues with it, I can also investigate, and be a point-man.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
PhanTap or Phantom tap is a small set of scripts that allow you to setup a network tap
that automatically impersonnate a victim device, allowing you to access internet using
the IP & MAC of the victim
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
It was requested in #9065 .
Cleaned up Makefile slightly.
Removed inactive maintainer.
Added PKG_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
When compiled with musl >1.1.20, fastd will crash in case it can't
resolve a peers hostname. This is due to a changed implementation of
freeaddrinfo in musl 1.1.21 onwards.
This segfault is fixed by not calling freeaddrinfo in case the supplied
pointer is null.
Signed-off-by: David Bauer <mail@david-bauer.net>
Main warning fixed was about echo -e not being supported by POSIX sh.
Added PKG_BUILD_PARALLEL for slightly faster compilation.
Small whitespace cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Maintainer: me
This commit bumps the version of pdns-recursor to the latest 4.2.0. This release brings in mostly minor changes, with the full changelog available at https://doc.powerdns.com/recursor/changelog/4.2.html
Signed-off-by: James Taylor <james@jtaylor.id.au>
* revert to 4.9.x series (4.10 needs too many unofficial patches and has weird waf bugs)
* cleanup patches
* enable AD_DC build option again
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
usleep is a legacy function that was removed in POSIX-2008. uClibc-ng can
be configured to compile without it. if out the code as it's not used.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This changes the init script to allow to monitor up to 8 network
interfaces. The support for up to 8 network interfaces was added to
mini_snmpd release 1.3 in November 2015.
Signed-off-by: Marcel Telka <marcel@telka.sk>
The maintainer is inactive, in addition to this package being woefully out
of date. It probably does not work properly.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* adds cifs/smb kernel server module (cifsd)
* adds userspace tools (cifsd, cifsadmin)
* has UCI support (compatible with samba configs)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
softethervpn overrides nls.mk by defining its iconv functions. This only
works if the libc has iconv. In addition, it does not allow external
libiconv usage. TARGET_LDFLAGS is also the wrong place to add -liconv.
Removed SSL3 patch. It was needed for OpenSSL 1.0.2 but not anymore.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This change also updates the maintainer email to cotequeiroz@gmail.com, as
requested on a different change.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This change also updates the maintainer email to cotequeiroz@gmail.com, as
requested on a different change.
Also, changing here is the download URL to github's codeload, since that
one offers .tar.gz archives.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The pillow package has been updated to the Python[3] packaging format, and
now the package names are `python-pillow` & `python3-pillow`.
This change updates seafile-seahub to use it.
Not updating other packages as they will be converted to Python[3]
packaging format.
And not bumping PKG_RELEASE here as it will be done in the last commit that
updates deps for seafile-seahub.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Patch taken from upstream fixes an Invalid argument error while trying
to get the IP address of an interface.
Makefile was updated to current style.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Removed upstreamed patch.
Removed mirror. It seems it has a wrong HTTPS certificate.
Added PKG_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* fix a corner case issue with auto expiry of the
'Faulty Station' list (the last run information was not updated)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Needed for the new protobuf update.
Cleaned up Makefile.
Got rid of HOST_BUILD_DEPENDS. This package does not have a host build.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This change adds support for mstpd (Multiple Spanning Tree Protocol
Daemon).
mstpd works reasonably well with RSTP.
MSTP protocol works ok, but is known to have some issues with some managed
switches.
In order to get this to work, each physical switch port needs to have it's
own software network interface (so, for example: port 0 <==> eth0). This
means that this is suited mostly for higher end devices that can process
STP packets in software.
An interface for `swconfig` or Linux's DSA or switchdev would haven been
interesting, but it never materialized.
Adding this in the OpenWrt packages feed may provide some interest or
feedback on whether `mstpd` should do more, to integrate with managed
switches and offer some basis for Linux (through OpenWrt) as an OS for
managed switches.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Parallel building is causing a failure because it executes some
commands, such as patch, more than once.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The configure test for gettimeofday does not include the proper header.
Override the variable as all OpenWrt libc have two arguments for
gettimeofday.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* use '$ddns_rundir' in 'get_service_data' for pipe creation, fix#8971
* add missing local variables in 'get_service_data'
* change DNS server verification with drill in 'verify_host_port',
fix/supersed #8935
* remove needless cat calls in 'verify_host_port'
* set cloudfare TTL to min. 120 seconds, fix#7745
* bump/align package version number
Signed-off-by: Dirk Brenken <dev@brenken.org>
Maintainer: me
This commit addresses a build failure around guards on execinfo.h usage to
prevent uclibc from pulling it in, as it defines both __GLIBC__ and __UCLIBC__.
The original patch had invalid syntax which this corrects.
Signed-off-by: James Taylor <james@jtaylor.id.au>
Maintainer: me
Compile tested: armv7l, OpenWRT SDK
Run tested: armv7l Linksys WRT1900ACS, OpenWrt SNAPSHOT, r9987-655fff1571 -
confirmed PowerDNS recursor links correctly against libraries and runs on my
target environment.
Description:
PowerDNS Recursor is a high-performance resolving name server, utilizing
multiple processor and including Lua scripting capabilities.
This commit includes the recursive nameserver
https://www.powerdns.com/recursor.html
Signed-off-by: James Taylor <james@jtaylor.id.au>
- Now using codeload as suggested.
- Removed PKG_BUILD_PARALLEL, and PKG_USE_MIPS16:=0 as it was no longer needed to build the latest version successfully.
- Moved PKG_MAINTAINER to top.
- Use INSTALL_BIN instead of CP
- Added PKG_LICENSE and PKG_LICENSE_FILES
- Fixed a typo in TITLE
- DCO should be fixed now.
Signed-off-by: Andreas Nilsen <adde88@gmail.com>
If we're going to have a list of ntp servers, we should at least respect
them. Fallback to the original static list if no configured servers are
found.
Signed-off-by: Karl Palsson <karlp@etactica.com>
This is required for conntrack zone limit support. Linux upstream
commit is 11efd5cb ("openvswitch: Support conntrack zone limit")
Ref: https://github.com/openwrt/packages/issues/9274#issuecomment-507181166
Reported-by: Lech Perczak <lech.perczak@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
STAGING_DIR_HOST is for packages under tools/ , not host packages.
Reorganized Makefile for consistency between packages.
Added PKG/HOST_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Added -Wno-error to fix.
Also added patch to fix compilation without deprecated OpenSSL APIs.
Added PKG_BUILD_PARALLEL for faster compilation.
Switched libcyassl to libwolfssl.
Reorganized makefile for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
It seems there is a mistake in the version I sent upstream.
Cleaned up Makefile for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* optimize the main scan/iwinfo call (performance & system load):
- remove a needless f_trim function call
- remove a redundant awk call
- reduce the scan buffer size and
make it configurable (trm_scanbuffer, default 1024 bytes)
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
the latest update url format for deSEC is
http(s)://update.dedyn.io/update?username=[USERNAME]&password=[PWD]
Signed-off-by: James Qian <sotux82@gmail.com>
This applies to uClibc-ng and libiconv-full
Switched to building with uClibc++.
Fixed license information.
Fixed BUILD_DEPENDS.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
PowerDNS released two new versions which together add some features and address security issues.
Changelog: https://doc.powerdns.com/authoritative/changelog/4.1.html
This release and 4.1.9 together fix the following security advisories:
PowerDNS Security Advisory 2019-04 (CVE-2019-10162)
PowerDNS Security Advisory 2019-05 (CVE-2019-10163)
Signed-off-by: James Taylor <james@jtaylor.id.au>
Backported upstream patches that fix this.
Removed local patch that fixes libp11 with version 0.4.7, which is not
used anymore. Upstream has a different solution.
License fixes and Makefile cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The arc700 target (and probably others) uses uclibc as it's c-library. However,
uClibc's libcrypt seems to not support the crypt_data struct which broke
the build. This fix adds a new build-target to haproxy which does not use
libcrypt. Summing up, this commit does:
- Add support for uclibc to haproxy with libcrypt disabled
- Add detection of c-library to configure the correct build-target
- Silence additional warnings
- Update patches
Signed-off-by: Christian Lachner <gladiac@gmail.com>
This service monitors (each 3s) switchdev ports and brings down CPU
ports when all related non-CPU vlan ports are also down. Otherwise,
it brings the port up.
In order to hide CPU ports from netifd, when a device is brought down,
the device is renamed adding the suffix "_down".
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
- Update haproxy download URL and hash
- Add new patches
- Add several CFLAGS (derived from haproxy Makefile) to make the build work with v1.9+
- Update default configuration
- Add check-command (for config) to init-script
- Add prometheus-service from contribs by default
Signed-off-by: Christian Lachner <gladiac@gmail.com>
This change is inspired by commit openwrt/openwrt@38b22b1e ("nghttp2:
deduplicate files in libnghttp2")
The packages in this commit are identified with the following command
grep -rin -E 'INSTALL_(DATA|BIN)' | grep -F '.so' | grep -F '*'
Some of them do not have symlinks and are not affected, but the change
is still applied for consideration of best practices just in case
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Fixes: https://github.com/openwrt/packages/issues/9255
This seems to fail the build for this package only.
So, this change patches the build, to add `-lssp` to the LDFLAGS of this
package, in case the build uses GCC's libssp.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The nsh.ko requirement was introduced in kernel 4.15. Currently there
are 3 kernel versions in base system, 4.9, 4.14, 4.19
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This is a workaround to prevent the whole build from failing because of
the intree kmods are not supported yet by upstream project.
Root cause is that kernel version should not play a part when making
DEPENDS as the generated kconfig was for all targets that may have
different kernel versions.
One less than ideal effect of this change is that for an unsupported
kernel version, people can still select the intree kmod but it won't be
built. This may contradict expectation if the warning was not noticed
by them
Resolvesopenwrt/packages#9274
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Change log for v3.11.1716:
[IMP] Replaced libhttpd with libevent, therefore commented thread
related parameters in wifidogx conf file
[IMP] Added REQUEST_TYPE_COUNTERS_V2 to wifidog protocol
[IMP] Sent online and offline client's counter info to auth server
[FIX] Fixed missing setting online_time parameter bug
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
- treat RFC6762 'local.' as nxdomain because avahi and other services
will disable if SOA or NS records appear in central DNS.
- allow two threads to be enabled with the 'heavy traffic' variant of
Unbound packages.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* refine 'refresh' mode, add normal processing/download as fallback
* remove needless reload trigger
* fix various ipset warnings
* fix timer in 'refresh' mode
* adapt ssbl regex to new source list format
Signed-off-by: Dirk Brenken <dev@brenken.org>
seafile-seahub's build is a mess.
It hijacks some OpenWrt mk files into the build.
This can be avoided by provided some of the required parameters via
env-vars and patching the env-vars into the build.
Which is what this patch does.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The change is mostly organizational.
More packages will be moved to have python- or python3- prefixes.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
remove unused patches
Add patch to:
Automatically detect whether Curve25519 is available in NSS for USE_DH31
Signed-off-by: Antony Antony <antony@phenome.org>
enable libunbound, along with dependency
add kmod-crypto-aead kmod-crypto-gcm dependency to support AES GCM
disable libseccomp
/git/openwrt/build_dir/target-mips_24kc_musl/libreswan-3.27/include/lswseccomp.h:24:10: fatal error: seccomp.h: No such file or directory
#include <seccomp.h>
^~~~~~~~~~~
add missing dependency nspr
add nss-utils dependency to able to import x509 Certificates to fix the error
ipsec import west.p12
/usr/sbin/ipsec: line 239: pk12util: not found
/usr/sbin/ipsec: line 84: certutil: not found
remove libnss dependency, nss-utils util will pull it.
remove unused build option KERNELSRC not necesscay since b4b98e2922.
Signed-off-by: Antony Antony <antony@phenome.org>
Maintainer: me
Compile tested: armv7l, OpenWRT SDK
Run tested: armv7l Linksys WRT1900ACS, OpenWrt SNAPSHOT, r9987-655fff1571 -
confirmed PowerDNS server links correctly against libraries. I'm unable to test
all the backend modules as I don't have suitable backing stores set up for each.
Description:
PowerDNS is a versatile nameserver which supports a large number of different
backends ranging from simple zonefiles to relational databases and load
balancing/failover algorithms. PowerDNS tries to emphasize speed and security.
This commit includes the authoritative nameserver, backends and additional tools
https://www.powerdns.com/auth.html
Signed-off-by: James Taylor <james@jtaylor.id.au>
Change log for v2.88:
[IMP] Added support for search and replace privacy expressions.
[IMP] Added support for masking external addresses with private address ranges.
[IMP] When enabled, trigger a sink update on start-up.
[IMP] Added flow hash cache.
[IMP] Added HTTPS as a super-protocol of SSL.
[IMP] Add ability to save DNS hint cache to non-volatile (persistent) memory.
[IMP] Save sink responses when "json_save" is enabled.
[IMP] Added dynamic sink URL cloud configuration.
[IMP] Implemented per-detection-thread packet capture queue.
[IMP] Added support for a loadable serial UUID.
[IMP] Added configuration option to override sink connection timeout.
[IMP] Idle flow TTLs tunable via configuration directives.
[IMP] Added idle TCP flow multiplier to keep TCP flows in memory longer.
[IMP] Added new flow metadata "first_update_at" timestamp.
[IMP] Added complete reference sample configuration file.
[IMP] Various optimizations and fixes for FreeBSD.
[IMP] Employ advisory locking when writing output files.
[FIX] Ensure all configuration files are preserved on upgrades.
[FIX] Fixed automatic interface role detection for nethserver/shorewall.
[FIX] Memory usage fixes using profiling tools.
[UPD] Updated to nDPI v2.9.0-dev-709a87c.
[OPT] Flush and compress upload queue as soon as possible.
[OPT] Significantly reduced detection thread locking times.
[DEV] Added example plugin submodule to repository.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
Use link-time optimization and --gc-sections --as-needed ldflags
Reduces ipk size by 20%
Remove unnecessary dependencies
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Fix license info to use SPDX name.
Switched to wget instead of curl to avoid having a dependency on 2 SSL
libraries.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Busybox brctl applet conflicts with the version from bridge-utils.
Fix this by using ALTERNATIVE support for brctl in bridge-utils.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
[PKG_RELEASE bump]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
OpenWrt toolchains already use correct CFLAGS for every ARM target
There is no reason to use conservative CFLAGS now
It also causes compile error with GCC 9.1.0
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Moving the DNSDIST package into the IP Addresses and Names subcategory under Network. This will make it easier to find since it will be with other DNS tools.
Signed-off-by: James Taylor <james@jtaylor.id.au>
